Making a flow from eth0 to eth1 on a virtual machine

[cramped_gamut@…]

Hello there,

I am trying to use tcpreplay in a virual machinewhich has ubuntu version 11.10 kernel 2.6.38. I am trying to detect some protocols using L7 filter in ubuntu. For this, i captured some pcap files.

Now my try is to replay this traffic and send it through L7 filter and try to check whether it is being detected or not.

On my virtual pc, it has 2 nics, eth0 and eth1. What am i trying to do is to replay one pcap file for ex: dhcp.pcap through eht0, and then pass that traffic to L7 filter which is installed on the same ubuuntu OS (virutal) and check it whether detection is made or not and finally get output from eht1.

But for that firstly i need to send traffic from eth0 and get its output from eht1.

And i tried that command for this purpose. Is this the right one?? tcpprep --auto=bridge --pcap=dhcp.pcap --cachefile=dhcp.cache and su tcpreplay -C dhcp.cache -i eth0 -j eth1 dhcp.pcap

I am using tcpreplay version 3.4.3-2 Please help

[aturner]

I'm having a hard time understanding what you're trying to do. It would help if this was posted to the tcpreplay-users list since the ticketing system really isn't for asking questions.

Anyways, a few things:

1. Unless I'm mistaken, I'm pretty sure tcpreplay sending packets will bypass the L7 filter/classification engine in Linux on the outbound interface.
2. You should be able to get the inbound interface to process the packets with your L7 filter.
3. Tcpreplay has no control of where the packets are received- that's up to your networking configuration. Normally people use a cross-over network cable between two interfaces in this sorta case. You'll need to read your VMWare/Xen/whatever manual to figure out how to accomplish this.

Anyways, I'm closing this ticket as invalid, since I don't see a bug or feature request. If you have any further questions, please ask on the tcpreplay-users list.